公开(公告)号：US11954127B1

公开(公告)日：2024-04-09

申请号：US17316421

申请日：2021-05-10

Applicant: Splunk Inc.

Inventor： Nicholas J. Filippi ,  Siegfried Puchbauer ,  Ruyuan Ge

IPC: G06F16/00 ,  G06F16/2458 ,  G06F16/28

CPC classification number: G06F16/283 ,  G06F16/2465

Abstract: Systems and methods are disclosed for associating summarizations of visualizations of a data set based on affinities between the summarizations. For a data set, a number of summarizations may be created that summarizes the data set in different ways. The summarizations may be linked, such that selecting a data element of a first summarization causes display of a second summarization. To assist in linking of summarizations, suggested linkings between summarizations can be determined based on affinities of the two summarizations. Affinities can reflect similarities in the data content of the two summarizations, such as an output of a first summarization being a valid input to the second summarization.

公开(公告)号：US11949547B2

公开(公告)日：2024-04-02

申请号：US17387811

申请日：2021-07-28

Applicant: SPLUNK Inc.

Inventor： Ryan Lee Faircloth ,  Ankit Chetan Bhagat ,  Mayur Sanjaybhai Pipaliya ,  Yuan Ling

IPC: G06F15/173 ,  H04L41/0213 ,  H04L41/046 ,  H04L67/306

CPC classification number: H04L41/0213 ,  H04L41/048 ,  H04L67/306

Abstract: Techniques are described for automating the configuration of a simple network management protocol (SNMP) manager device for enabling collection of SNMP data from one or more SNMP-enabled devices. Based upon SNMP object identifiers (OIDs) received from an SNMP-enabled device, processing is performed to map the OIDs to one or more SNMP management information bases (MIBs) corresponding to the OIDs. The identification of the OIDs and mapping the OIDs to one or more MIBs is performed in an automated manner and substantially free of any human or manual intervention. The identified one or more MIBs are then used to configure the SNMP manager to enable SNMP communications between the SNMP-enabled device and the SNMP manager. In certain implementations, the identified one or more MIBs are loaded into system memory by the SNMP manager.

公开(公告)号：US11934418B2

公开(公告)日：2024-03-19

申请号：US17447620

申请日：2021-09-14

Applicant: Splunk Inc.

Inventor： Ashish Mathew ,  Ledion Bitincka ,  Igor Stojanovski ,  Dhruva Kumar Bhagi

IPC: G06F16/248 ,  G06F16/21 ,  G06F16/22 ,  G06F16/28

CPC classification number: G06F16/248 ,  G06F16/2228 ,  G06F16/285 ,  G06F16/21

Abstract: Techniques and mechanisms are disclosed to optimize the size of index files to improve use of storage space available to indexers and other components of a data intake and query system. Index files of a data intake and query system may include, among other data, a keyword portion containing mappings between keywords and location references to event data containing the keywords. Optimizing an amount of storage space used by index files may include removing, modifying and/or recreating various components of index files in response to detecting one or more storage conditions related to the event data indexed by the index files. The optimization of index files generally may attempt to manage a tradeoff between an efficiency with which search requests can be processed using the index files and an amount of storage space occupied by the index files.

公开(公告)号：US11934417B2

公开(公告)日：2024-03-19

申请号：US17373580

申请日：2021-07-12

Applicant: Splunk Inc.

Inventor： Ai-Chi Lu ,  Arun Ramani ,  Nicholas Matthew Tankersley

IPC: G06F7/00 ,  G06F3/04847 ,  G06F16/00 ,  G06F16/248 ,  G06F16/9535 ,  G06F3/04842

CPC classification number: G06F16/248 ,  G06F3/04847 ,  G06F16/9535 ,  G06F3/04842

Abstract: Data intake and query system (DIQS) instances supporting applications including lower-tier, focused, work group oriented applications, are tailored to display the metrics for the needs of the user. An interface caused by operation of an entity monitoring system (EMS) operating in conjunction with the lower-tier DIQS displays the monitored entities as individual representations. The user selects a metric and a metric threshold. The EMS causes a display of an interface having a representation for each monitored entity. Each representation includes a metric value and indicates an entity status based on the metric value and the threshold. The user can dynamically change the threshold on the interface for easy visualization of aggregation of monitored entities to determine the performance of the infrastructure. The interface also provides the user with the ability to select an entity and click through to the entity analysis workspace for more detailed information.

公开(公告)号：US11934256B1

公开(公告)日：2024-03-19

申请号：US17336013

申请日：2021-06-01

Applicant: Splunk Inc.

Inventor： Vitaly Akulov ,  Amritpal Singh Bath ,  William King Colgate ,  Sarah Harun ,  Jibang Liu ,  Vishal Patel ,  Tingjin Xu

IPC: G06F16/24 ,  G06F11/07 ,  G06F11/32 ,  G06F11/34 ,  H04L43/0852 ,  H04L43/10

CPC classification number: G06F11/0757 ,  G06F11/079 ,  G06F11/328 ,  G06F11/3452 ,  G06F11/3476 ,  G06F2201/80 ,  H04L43/0852 ,  H04L43/10

Abstract: In accordance with various embodiments of the present disclosure, a first instance of a data intake and query system (DIQS) may receive latency data that indicates latency states of second instances of the DIQS, the latency states indicative of latencies associated with processing of event data by the plurality of second instances. The first instance may then determine overall latency state of the first instance based, at least in part, on determining number or percentage of the first instance and the second instances of the DIQS having one or more particular latency states, and determining whether the number or percentage of the first instance and the f second instances of the DIQS having the one or more particular latency states is equal to or exceeds a threshold. The first instance may then present the overall latency state of the first instance.

公开(公告)号：US11922232B2

公开(公告)日：2024-03-05

申请号：US17506358

申请日：2021-10-20

Applicant: Splunk Inc.

Inventor： Maryann Cristofi ,  Jeff Roecks ,  Kavita Varadarajan

IPC: G06F3/00 ,  G06F3/0482 ,  G06F9/44 ,  G06F9/54 ,  G06F21/62

CPC classification number: G06F9/542 ,  G06F3/0482 ,  G06F9/44 ,  G06F21/62 ,  G06F2221/2113

Abstract: Techniques are described for providing an IT and security operations mobile application for managing IT and security operations instances of an IT and security operations application via a mobile device. The IT and security operations mobile application can be linked to the IT and security operations application to enable the IT and security operations application to send messages (e.g., notifications, alerts, action requests, etc.) related the occurrences of incidents/events in an IT environment, such as security-related incident, that can impact the operation of the IT environment. The IT and security operations mobile application enables a user to respond to the messages by initiating actions that are sent to the IT and security operations application for executing within the IT environment.

公开(公告)号：US11922222B1

公开(公告)日：2024-03-05

申请号：US16777612

申请日：2020-01-30

Applicant: Splunk Inc.

Inventor： Gaurav Chawla ,  Mehul Goyal ,  Sanish Mahadik ,  Sumeet Rohatgi

IPC: G06F9/46 ,  G06F8/71 ,  G06F9/455 ,  G06F9/50

CPC classification number: G06F9/5077 ,  G06F8/71 ,  G06F9/45558 ,  G06F2009/45562 ,  G06F2009/4557

Abstract: A control plane system can be used to manage or generated components in a shared computing resource environment. To generate a modified components, the control plane system can receive receiving configurations of a component. The configurations can include software versions and/or parameters for the component. Using the configurations, the control plane system can generate an image of a modified component, and communicate the image to a master node in the shared computing resource environment. The master node can provides one or more instances of the modified component for use based on the received image.

公开(公告)号：US11921799B1

公开(公告)日：2024-03-05

申请号：US18162632

申请日：2023-01-31

Applicant: Splunk Inc.

Inventor： Iman Makaremi ,  Gyanendra Rana ,  Iryna Vogler-Ivashchanka ,  Adam Oliner ,  Harsh Keswani ,  Manish Sainani ,  Alexander Kim

IPC: H04L41/069 ,  G06F16/2458 ,  G06F16/951 ,  G06F40/30 ,  H04L41/0686 ,  H04L67/01 ,  H04L67/141

CPC classification number: G06F16/951 ,  G06F16/2471 ,  G06F40/30 ,  H04L41/0686 ,  H04L41/069 ,  H04L67/01 ,  H04L67/141

Abstract: Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of an automatic data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive the disparate data and ingest certain of the data as measurement entries of a DIQS metrics datastore that is searchable for DIQS query processing. The DIQS may receive search queries to process against the received and ingested data via an exposed network interface. In one example embodiment, a query building component conducts a user interface using a network attached client device. The query building component may elicit search criteria via the user interface using a natural language interface, construct a proper query therefrom, and present new information based on results returned from the DIQS.

公开(公告)号：US11921672B2

公开(公告)日：2024-03-05

申请号：US16657872

申请日：2019-10-18

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee ,  Timothy Tully

IPC: G06F16/14 ,  G06F16/13 ,  G06F16/17

CPC classification number: G06F16/148 ,  G06F16/13 ,  G06F16/1734

Abstract: Systems and methods are described for executing a query of raw machine data that is stored at a remote data store that may store heterogeneous data. The system can determine the directories or file types that may store event data and may instruct one or more worker nodes to access files that may store events based on the determined directories of file types. Further, the system may exclude files at the remote data store that may not be identified as potentially storing events enabling a query that implicates a heterogeneous data store to be efficiently executed.

公开(公告)号：US11902306B1

公开(公告)日：2024-02-13

申请号：US16863911

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Sourabh Satish

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/1441 ,  H04L2463/121

Abstract: Techniques are described for enabling an IT and security operations application to detect and remediate advanced persistent threats (APTs). The detection of APTs involves the execution of search queries to search event data that initially was associated with lower-severity activity or that otherwise did not initially rise to the level of actionable event data in the application. The execution of such search queries may thus generally be configured to search non-real-time event data, e.g., event data that outside of a current window of days or a week and instead searches and aggregates event data spanning time periods of many weeks, months, or years. Due the nature of APTs, analyses of historical event data spanning such relatively long periods of time may in the aggregate uncover the types of persistent activity associated with APTs that would otherwise go undetected based only on searches of more current, real-time event data.